diff options
author | Florian Weimer <fweimer@redhat.com> | 2018-04-05 12:52:19 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2018-04-05 12:52:19 +0200 |
commit | cf138b0c83b3210990b29772e2af5982fb0e3c26 (patch) | |
tree | 075a78aa20aec46bf3d989d28642826bc2989bee /manual/examples/mbstouwcs.c | |
parent | 0f339252697e6dcfc9e00be6cd8272d4260b90d2 (diff) | |
download | glibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.tar.gz glibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.tar.xz glibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.zip |
manual: Various fixes to the mbstouwcs example, and mbrtowc update
The example did not work because the null byte was not converted, and mbrtowc was called with a zero-length input string. This results in a (size_t) -2 return value, so the function always returns NULL. The size computation for the heap allocation of the result was incorrect because it did not deal with integer overflow. Error checking was missing, and the allocated memory was not freed on error paths. All error returns now set errno. (Note that there is an assumption that free does not clobber errno.) The slightly unportable comparision against (size_t) -2 to catch both (size_t) -1 and (size_t) -2 return values is gone as well. A null wide character needs to be stored in the result explicitly, to terminate it. The description in the manual is updated to deal with these finer points. The (size_t) -2 behavior (consuming the input bytes) matches what is specified in ISO C11.
Diffstat (limited to 'manual/examples/mbstouwcs.c')
-rw-r--r-- | manual/examples/mbstouwcs.c | 49 |
1 files changed, 37 insertions, 12 deletions
diff --git a/manual/examples/mbstouwcs.c b/manual/examples/mbstouwcs.c index 5d223da2ae..c94e1fa790 100644 --- a/manual/examples/mbstouwcs.c +++ b/manual/examples/mbstouwcs.c @@ -1,3 +1,4 @@ +#include <stdbool.h> #include <stdlib.h> #include <string.h> #include <wchar.h> @@ -7,22 +8,46 @@ wchar_t * mbstouwcs (const char *s) { - size_t len = strlen (s); - wchar_t *result = malloc ((len + 1) * sizeof (wchar_t)); + /* Include the null terminator in the conversion. */ + size_t len = strlen (s) + 1; + wchar_t *result = reallocarray (NULL, len, sizeof (wchar_t)); + if (result == NULL) + return NULL; + wchar_t *wcp = result; - wchar_t tmp[1]; mbstate_t state; - size_t nbytes; - memset (&state, '\0', sizeof (state)); - while ((nbytes = mbrtowc (tmp, s, len, &state)) > 0) + + while (true) { - if (nbytes >= (size_t) -2) - /* Invalid input string. */ - return NULL; - *wcp++ = towupper (tmp[0]); - len -= nbytes; - s += nbytes; + wchar_t wc; + size_t nbytes = mbrtowc (&wc, s, len, &state); + if (nbytes == 0) + { + /* Terminate the result string. */ + *wcp = L'\0'; + break; + } + else if (nbytes == (size_t) -2) + { + /* Truncated input string. */ + errno = EILSEQ; + free (result); + return NULL; + } + else if (nbytes == (size_t) -1) + { + /* Some other error (including EILSEQ). */ + free (result); + return NULL; + } + else + { + /* A character was converted. */ + *wcp++ = towupper (wc); + len -= nbytes; + s += nbytes; + } } return result; } |